Google Offers Web Searchers, Chrome Users More Privacy
The previous 18-month retention policy has been whittled down to address regulatory concerns.
Google Chrome (click for image gallery)
Moving to address privacy concerns, Google on Monday said it will reduce the amount of time it keeps server log data.
"We'll anonymize IP addresses on our server logs after 9 months," said Google global privacy counsel Peter Fleischer, senior privacy counsel Jane Horvath, and software engineer Alma Whitten in a jointly authored blog post. "We're significantly shortening our previous 18-month retention policy to address regulatory concerns and to take another step to improve privacy for our users."
Google also said it will change the way its Google Suggest feature works to make the service more private.
Google Suggest proposes possible search term refinements as Google users type their queries. It is available in Google Chrome, Google's new Web browser, as well as in Google Search, Google Toolbar, Google Search for the iPhone, and Mozilla's Firefox.
To read what the user is typing and respond to it, Google Suggest routes typed input to Google, without any affirmative action on the user's part, like hitting the "enter" key. Ninety-eight percent of the time, Google says it does not record any of this input. But 2% of Google Suggest input gets stored and logged "to monitor and improve the service." The information retained includes the user's IP address, through which is it usually possible to identify the user.
Google insists that it needs to retain certain information to improve search and security. But Urs Holzle, Google's senior VP of operations, in a blog post said that in the case of Google Suggest "it's possible to provide a great service while anonymizing data almost immediately."
"[G]iven the concerns that have been raised about Google storing this information -- and its limited potential use -- we decided that we will anonymize it within about 24 hours (basically, as soon as we practically can) in the 2% of Google Suggest requests we use," said Holzle. "This will take a little time to implement, but we expect it to be in place before the end of the month."
Since last year, when regulators and policymakers began questioning Google's privacy practices in earnest and competitors' privacy initiatives made Google's efforts look half-hearted, Google has looked like a company on the defensive.
As recently as June, a coalition of consumer and privacy groups published an open letter to Google CEO Eric Schmidt asking Google to place a privacy link on its home page, as required by California law. When Marissa Mayer, Google's VP of search products and user experience, announced that Google had decided to add a privacy link to Google's home page after all, she noted that Google's co-founders would only agree to the change if the number of words on the home page remained unchanged. The deciding factor thus was technical -- minimizing page load time -- rather than customer respect or legal compliance.
But with Monday's announcements, Google appears to be more willing to engage on the issue of privacy. Perhaps that will be enough to keep regulators at bay.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.